Outlook Web Access keeps giving HTTP/1.1 503 Service Unavailable, after user/pass entered
The setup is
2 x 2003 standard servers all Service Packs & critical updates installed
both the above have
Exchange 2003 standard with SP1 installed
These servers were installed from new never having anything on them but 2003 OS and 2003 Exchange also no user accounts or mailboxes were migrated either these are both 2003 from scratch running AD.
After typing http://domain.name/exchange
You get the login box after entering the correct user info you get the dreaded
HTTP/1.1 503 Service Unavailable
Authentication is working correctly as if you enter incorrect user details the login pops backup.
In IIS the website directory is as follows with the folloing results when you try to browse the directories induvidually:
Exadmin (results in 404 error)
Exchange (results in 503 error)
Exchweb (results in 403 error)
Microsoft-server-Activesyn
oma
public (results in 503 error)
ASP_Client
bla bla bla
Theres only 1 Http Virtual server in Exchanges Sys Manager as I know you can have problems if there is an extra incorrectly configured extra virtual server.
Ive restarted all exchange services till Im blue in the face including the WWW service as well.
Ive got to hold my hands up on this one after trawlling the web and trying what seems like every suggested fix I still cant get to the bottom of this one, any help or suggestions would be extremely welcome.
Ive tried all sorts of variations some which I know wont work but out of pure desperation you try anything.
2 x 2003 standard servers all Service Packs & critical updates installed
both the above have
Exchange 2003 standard with SP1 installed
These servers were installed from new never having anything on them but 2003 OS and 2003 Exchange also no user accounts or mailboxes were migrated either these are both 2003 from scratch running AD.
After typing http://domain.name/exchange
You get the login box after entering the correct user info you get the dreaded
HTTP/1.1 503 Service Unavailable
Authentication is working correctly as if you enter incorrect user details the login pops backup.
In IIS the website directory is as follows with the folloing results when you try to browse the directories induvidually:
Exadmin (results in 404 error)
Exchange (results in 503 error)
Exchweb (results in 403 error)
Microsoft-server-Activesyn
oma
public (results in 503 error)
ASP_Client
bla bla bla
Theres only 1 Http Virtual server in Exchanges Sys Manager as I know you can have problems if there is an extra incorrectly configured extra virtual server.
Ive restarted all exchange services till Im blue in the face including the WWW service as well.
Ive got to hold my hands up on this one after trawlling the web and trying what seems like every suggested fix I still cant get to the bottom of this one, any help or suggestions would be extremely welcome.
Ive tried all sorts of variations some which I know wont work but out of pure desperation you try anything.
ASKER
Even though 282230 is for WSK server and we have W3K I still removed DAVEX.DLL not quite as it states on the KB as you have to Select
CREATE
To activate
The configuration button so you can see the mapping to DAVEX.
Unfortunately now all or maybe fortunately not quite sure,
But now all I get after entering log in details
is the Root of the website.
DomainName.com - /exchange/
--------------------------
[To Parent Directory]23/06/2005 10:31 <dir> ServerName-SA23/06/2005 10:31 <dir> SystemMailbox{8A24907F-114
--------------------------
I also get the same if I browse the virtual directories in IIS as well.
Could be going from bad to worse here not quite sure.
CREATE
To activate
The configuration button so you can see the mapping to DAVEX.
Unfortunately now all or maybe fortunately not quite sure,
But now all I get after entering log in details
is the Root of the website.
DomainName.com - /exchange/
--------------------------
[To Parent Directory]23/06/2005 10:31 <dir> ServerName-SA23/06/2005 10:31 <dir> SystemMailbox{8A24907F-114
--------------------------
I also get the same if I browse the virtual directories in IIS as well.
Could be going from bad to worse here not quite sure.
One thing I just thought of, check to make sure in IIS that you have access enabled. Now I forget where I had found this, but I had a problem with certsrv page not showing up and it turned out to be that IIS access was turned off at the route as default. If I remember where that is (it was three options for access all disabled from what I remember) I will let you know. That seems to be your problem.
ASKER
This is looking more and more like a total rebuild of this DC and then putting Exchange server back on, Hmm not a nice thought, its gone from bad to worse. Now its showing error 404 after the user/pass are entered or when I browse IIS's virtual directories.
Try resetting the virtual folders.
http://support.microsoft.com/default.aspx?kbid=883380
If that doesn't work and it is a new build then reset and do it again. I have rebuilt Exchange servers 3 or 4 times before I am happy with them.
However I get the impression from your last post that this is a domain controller as well as Exchange?
Do you not have domain controllers elsewhere? Exchange is much happier on member servers.
As you have two servers with Exchange and no indication of one of them being a frontend server you will have issues with OWA unless both servers can be seen from the internet, have their own external IP address and their name is also resolvable from the Internet.
Simon.
http://support.microsoft.com/default.aspx?kbid=883380
If that doesn't work and it is a new build then reset and do it again. I have rebuilt Exchange servers 3 or 4 times before I am happy with them.
However I get the impression from your last post that this is a domain controller as well as Exchange?
Do you not have domain controllers elsewhere? Exchange is much happier on member servers.
As you have two servers with Exchange and no indication of one of them being a frontend server you will have issues with OWA unless both servers can be seen from the internet, have their own external IP address and their name is also resolvable from the Internet.
Simon.
ASKER
Thanks for that KB Simon I was trying to find out how to reset IIS back to its default exchange virtual server status this looks like a good bet.
I'll give this a bash just to try and prove a point to myself as I think this is the problem, as I seem to of tried just about everything else, If it works fine if not I will demote this DC as you suggest and rebuild Exchange, this one is actually the Front End Exchange server.
Theres nothing like a good old fashioned problem like this to get you thinking.
I'll give this a bash just to try and prove a point to myself as I think this is the problem, as I seem to of tried just about everything else, If it works fine if not I will demote this DC as you suggest and rebuild Exchange, this one is actually the Front End Exchange server.
Theres nothing like a good old fashioned problem like this to get you thinking.
ASKER
The resetting of IIS never worked either its a rebuild
ASKER
After totally rebuilding both Exchange Servers along with the PDC yeh I know but I'd had enough of messing around, so Ive rebuilt both from the ground up ie a total format, so the setup is:
1 x 2003 server as a PDC with DNS & WINS running from it with every service pack and critical update.
1 x 2003 server as a member server (NOT a DC) with Exchange 2003 with every service pack and critical update.
When browsing from outside the internal network ie a totally differant ISP etc to open Outlook Web access the login box pops open and I can actually view the folder structure on the left hand side yet I keep getting prompted for the user or pass until I receive
Error: Access is denied
I can actually see the contents of the inbox but the login box keeps appearing over the top each time, the exact same when I try the sent items or contacts etc.
I know this is going to sound weird, but if I cancel the login box for say the inbox and try say the contacts then cancel the login box for contacts and go back to the inbox I dont get the login box and can view the emails etc, I can open a new email or do a reply but as soon as I hit send I cannot get past the blasted login box which pops backup.
These are both virgin servers with no other programs on them except as they come straight off the install CDs with the latest service packs and updates.
I know the user details are correct obviously as it happens with all accounts even when I cross check by changing passwords or login with
"domain\user" or "user@domain.com" or simply "user".
IIS Virtual website structure or permissions have not being changed since the rebuild ie
Exadmin = Intergrated Authentication
Exchange = Basic and Intergrated and the correct domain
Exchweb = Anonymous (and the Bin inside exchweb = intergrated)
OMA = basic default domain set to \
Public - basic and intergrated and the correct domain
Any ideas would be greatly appreciated because as usual its got to be just one annoying tick box somewhere which Im missing but I cant see it thats for sure.
1 x 2003 server as a PDC with DNS & WINS running from it with every service pack and critical update.
1 x 2003 server as a member server (NOT a DC) with Exchange 2003 with every service pack and critical update.
When browsing from outside the internal network ie a totally differant ISP etc to open Outlook Web access the login box pops open and I can actually view the folder structure on the left hand side yet I keep getting prompted for the user or pass until I receive
Error: Access is denied
I can actually see the contents of the inbox but the login box keeps appearing over the top each time, the exact same when I try the sent items or contacts etc.
I know this is going to sound weird, but if I cancel the login box for say the inbox and try say the contacts then cancel the login box for contacts and go back to the inbox I dont get the login box and can view the emails etc, I can open a new email or do a reply but as soon as I hit send I cannot get past the blasted login box which pops backup.
These are both virgin servers with no other programs on them except as they come straight off the install CDs with the latest service packs and updates.
I know the user details are correct obviously as it happens with all accounts even when I cross check by changing passwords or login with
"domain\user" or "user@domain.com" or simply "user".
IIS Virtual website structure or permissions have not being changed since the rebuild ie
Exadmin = Intergrated Authentication
Exchange = Basic and Intergrated and the correct domain
Exchweb = Anonymous (and the Bin inside exchweb = intergrated)
OMA = basic default domain set to \
Public - basic and intergrated and the correct domain
Any ideas would be greatly appreciated because as usual its got to be just one annoying tick box somewhere which Im missing but I cant see it thats for sure.
Under IIS Manager -> Web Service Extensions : make sure that everything is labeled "ALLOWED".
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hey thanks for the really quick reply Henrik.
I tried your 1st option,
That never solved it unfortunately.
I followed the link to your Tutorial for the certsrv,
I got down to the following section:
--------------------------
Getting the Pending Request accepted by our Certificate Authority
Now that we have a pending Certificate Request, we need to have it accepted by our CA, which is done the following way:
On the server open Internet Explorer
Type http://server/certsrv
--------------------------
At this point I entered the http://servername/certsrv etc and received the dreaded page cannot be found, I tried via the servers own IP Address/certsrv also via loopback/certsrv and also via the server name pluse FQDN/certsrv.
Its late Im not thinking logically I'll have to have a look tomorrow when Im awake.
Again thanks very much for your help
I tried your 1st option,
That never solved it unfortunately.
I followed the link to your Tutorial for the certsrv,
I got down to the following section:
--------------------------
Getting the Pending Request accepted by our Certificate Authority
Now that we have a pending Certificate Request, we need to have it accepted by our CA, which is done the following way:
On the server open Internet Explorer
Type http://server/certsrv
--------------------------
At this point I entered the http://servername/certsrv etc and received the dreaded page cannot be found, I tried via the servers own IP Address/certsrv also via loopback/certsrv and also via the server name pluse FQDN/certsrv.
Its late Im not thinking logically I'll have to have a look tomorrow when Im awake.
Again thanks very much for your help
I had the exact same problem, and I had to adjust settings under Web Service Extension in IIS.
Also check with http://support.microsoft.com/?id=265847 and http://support.microsoft.com/?kbid=823265 make sure you enable Script permissions for your sites.
Also check with http://support.microsoft.com/?id=265847 and http://support.microsoft.com/?kbid=823265 make sure you enable Script permissions for your sites.
ASKER
Boy o Boy is this hard this SSL.
Long story but I found out what was stopping me re my earlier post.
Ive now got virtually to the end of your tutorial Henrick:
I now get upto typing in after creating the certificate etc etc
http://exchange_server/exchange
And I correctly recieve the 403 error type HTTPS:// at the beginning.
I then type
https://exchange_server/exchange
And I get asked if I want to accept the certificate etc
I select yes
HOWEVER
Unlike your tutorial Iam not at this point prompted for a user and pass
Im straight into my OWA and can see the padlock icon and when I double click the padlock icon it is correct I can view my mailbox correctly and send email etc.
That is all locally however.
When I try to access this OWA site externally via
http://exchange_server/exchange
or
exchange_server/exchange
I recieve the dreaded 403
--------------------------
The page must be viewed over a secure channel
The page you are trying to access is secured with Secure Sockets Layer (SSL).
--------------------------
Please try the following:
Type https:// at the beginning of the address you are attempting to reach and press ENTER.
HTTP Error 403.4 - Forbidden: SSL is required to view this resource.
Internet Information Services (IIS)
--------------------------
Of course I try this and cannot get to it.
Unfortunately at this moment I cant give you the exact error as Im remoted into the works network, I cant get to a friends PC untill tomorrow,
however on the works network I CAN view any other amount of SSL websites EBAY/PAYPAL/My bank etc etc
Any ideas would be appreciated.
I would'nt care its working really nice internally apart from not requesting my user and pass
Long story but I found out what was stopping me re my earlier post.
Ive now got virtually to the end of your tutorial Henrick:
I now get upto typing in after creating the certificate etc etc
http://exchange_server/exchange
And I correctly recieve the 403 error type HTTPS:// at the beginning.
I then type
https://exchange_server/exchange
And I get asked if I want to accept the certificate etc
I select yes
HOWEVER
Unlike your tutorial Iam not at this point prompted for a user and pass
Im straight into my OWA and can see the padlock icon and when I double click the padlock icon it is correct I can view my mailbox correctly and send email etc.
That is all locally however.
When I try to access this OWA site externally via
http://exchange_server/exchange
or
exchange_server/exchange
I recieve the dreaded 403
--------------------------
The page must be viewed over a secure channel
The page you are trying to access is secured with Secure Sockets Layer (SSL).
--------------------------
Please try the following:
Type https:// at the beginning of the address you are attempting to reach and press ENTER.
HTTP Error 403.4 - Forbidden: SSL is required to view this resource.
Internet Information Services (IIS)
--------------------------
Of course I try this and cannot get to it.
Unfortunately at this moment I cant give you the exact error as Im remoted into the works network, I cant get to a friends PC untill tomorrow,
however on the works network I CAN view any other amount of SSL websites EBAY/PAYPAL/My bank etc etc
Any ideas would be appreciated.
I would'nt care its working really nice internally apart from not requesting my user and pass
When you setup SSL make sure you use your internal DNS name and not the external. Also make sure you enable Forms Based Authentication in Exchange System Manager. Also make sure you untick everything other then basic authentication for the exchange virtual folder.
ASKER
Thats it its working now with the IIS directory as you show above
Exchange = Basic
Exchweb = Anonymous (bin set to Basic only)
ExchAdmin = Integrated
Public = Basic
My mistake too many long hours and working late I forgot to configure the firewall for SSL after following the tutorial.
I would'nt care Ive had www.msexchange.org set as one of my favourites for sometime now and never gave it a thought to look in there, Ive just being looking through the Tutorials in there now and there are some really interesting ones.
I love the little padlock icon giving the peace of mind that SSL 128 bit is running,
also the incorporation of the forms based authentication looks much more user friendly than the traditional user/pass login and slick.
Ive got This certificate cannot be verified up to a trusted certification authority on the cert,
but I guess I can track that down myself.
The points are yours henrick Ive allotted the points to your tutorial section as it was this that got me on the way.
Thanks again for all your help and keep up the good work.
PS Ive just ordered your book from amazon.
Exchange = Basic
Exchweb = Anonymous (bin set to Basic only)
ExchAdmin = Integrated
Public = Basic
My mistake too many long hours and working late I forgot to configure the firewall for SSL after following the tutorial.
I would'nt care Ive had www.msexchange.org set as one of my favourites for sometime now and never gave it a thought to look in there, Ive just being looking through the Tutorials in there now and there are some really interesting ones.
I love the little padlock icon giving the peace of mind that SSL 128 bit is running,
also the incorporation of the forms based authentication looks much more user friendly than the traditional user/pass login and slick.
Ive got This certificate cannot be verified up to a trusted certification authority on the cert,
but I guess I can track that down myself.
The points are yours henrick Ive allotted the points to your tutorial section as it was this that got me on the way.
Thanks again for all your help and keep up the good work.
PS Ive just ordered your book from amazon.
Awesome, The ssl cert won't be a trusted authority unless you buy one from the major vendors. So you will have to check the OK button to accept the cert everytime. It is the only downfall from using your own cert. Secondly, my name is not henrick, and I have never written a book (at least non that I am aware of) so you may have me confused with someone else.
ASKER
Nice one Derek
Sorry about the confusion though,
for some reason I never clicked on your EE Link to see your name, after following the tutorial link above you gave
http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html
I noted that the fella who wrote that tutorial was danish and what with your EE user,
so 2 n 2 = Roy gets it completely wrong.
Thanks all the same though and sorry for the confusion.
Sorry about the confusion though,
for some reason I never clicked on your EE Link to see your name, after following the tutorial link above you gave
http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html
I noted that the fella who wrote that tutorial was danish and what with your EE user,
so 2 n 2 = Roy gets it completely wrong.
Thanks all the same though and sorry for the confusion.
We had the same issue, and it was due to the WWW Service not being started on the backend server. A quick restart has resolved the problem.
Thank you AshlingGarry... i've been trying to fix this all morning and that simple step fixed it.
http://support.microsoft.com/?kbid=896742
Try both of these.